globalpayments / globalpayments-3ds-js

Helper library for leveraging 3DSecure 2 for Strong Customer Authentication (SCA)
https://www.npmjs.com/package/globalpayments-3ds
GNU General Public License v2.0

Iframe timeout issue on method notification #7

Closed footfish closed 5 years ago

footfish commented 5 years ago

checkVersion times out with iframe error.


(minor change in stock js for better error message)

Playground on an AWS ec2 here - https://34.255.10.36//vendor/globalpayments/php-sdk/examples/3ds/

slogsdon commented 5 years ago

@footfish This isn't something we've seen before. It appears the POST to your method notification URL succeeds with a 200 OK, but your browser is still showing the request is loading. Are you able to share the source of your acs-profile-completion.php file for our review? Also, do you experience the same issue when either A) loading over HTTP instead of HTTPS or B) loading over HTTPS with a domain name instead of an IP address?

footfish commented 5 years ago

@slogsdon acs-profile-completion.php works fine with postman and firefox (no pending). I've tried replacing code in acs-profile-completion.php with dummy values and it's still the same. Note that the timeout endpoint (see paste above of error) is https://test.portal.gpwebpay.com/pay-sim-gpi/sim/acs {code: "Error", message: "timeout reached https://test.portal.gpwebpay.com/pay-sim-gpi/sim/acs"}. So I don't think the issue is with acs-profile-completion.php.

However, here is the code (it's mostly taken from samples in the API docs):

<?php
$threeDSMethodData = $_REQUEST["threeDSMethodData"];

// sample ACS response for Method URL Response Notification
//$threeDSMethodData = "eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImFmNjVjMzY5LTU5YjktNGY4ZC1iMmY2LTdkN2Q1ZjVjNjlkNSJ9";
//base_64 decoded {"threeDSServerTransID":"af65c369-59b9-4f8d-b2f6-7d7d5f5c69d5"}

try {
        $fp = fopen('/tmp/acs_profile_completion.log', 'a');

        $decodedThreeDSMethodData = base64_decode($threeDSMethodData);
        //      $convertedThreeDSMethodData = json_decode($decodedThreeDSMethodData, true);
        //$serverTransID = $convertedThreeDSMethodData['threeDSServerTransID']; // af65c369-59b9-4f8d-b2f6-7d7d5f5c69d5
        echo $decodedThreeDSMethodData;
        fwrite($fp, time().": ".$decodedThreeDSMethodData."\n");
        fclose($fp);

   // TODO: notify client-side that the Method URL step is complete
   // optional to return decoded JSON string, see below
} catch (Exception $exce) {
        // TODO: Add your exception handling here
//      echo $exce;
}

?>

and postman image

footfish commented 5 years ago

@slogsdon OK, so that // TODO: notify client-side that the Method URL step is complete is possibly the problem. I don't see in the docs what the 'client-side notification' should look like. Any examples?

footfish commented 5 years ago

I've changed acs-profile-completion.php to echo the notification <script> below, and checkVersion is now working. Thx.

<script>
  if (window.parent !== window) {
    window.parent.postMessage(
      {event: 'methodNotification', data: { threeDSServerTransID: 'a54fad53-8d9a-4cb4-8e48-831ff00b057c'}},
      'https://34.255.10.36/vendor/globalpayments/php-sdk/examples/3ds/');
  }
</script>

slogsdon commented 5 years ago

@footfish Glad to see you got this sorted.

As a note, the library exports handleMethodNotification that acts as a convenience method for sending the message to the parent window. You could rewrite your script in acs-profile-completion.php as:

<script src="globalpayments-3ds.js"></script>
<script>
  GlobalPayments.ThreeDSecure.handleMethodNotification(
      // base64 decoded `threeDSMethodData`
      { threeDSServerTransID: 'a54fad53-8d9a-4cb4-8e48-831ff00b057c' },
      // parent window's origin. optional if same origin
      'https://34.255.10.36'
  );
</script>

There's also a matching handleChallengeNotification function for the challenge notification URL.
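
Added example (not code from this thread or from the library): the scripts above hard-code the transaction ID, while a real Method URL notification endpoint has to derive it from the POSTed threeDSMethodData, which is request-controlled and should not be echoed into the page unchecked. This Node.js sketch validates the decoded value before writing it into the postMessage script; the function names, the 1024-character cap, the UUID-shaped ID check (based on the sample value in the thread) and the origin https://shop.example are assumptions.

```javascript
// Added example; parseMethodData and renderMethodNotification are hypothetical names.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Sample threeDSMethodData value quoted in the thread above.
const SAMPLE =
  'eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImFmNjVjMzY5LTU5YjktNGY4ZC1iMmY2LTdkN2Q1ZjVjNjlkNSJ9';

// Decode the base64 JSON posted by the ACS and return the transaction ID,
// or null when the payload is not a JSON object carrying a UUID-shaped ID.
function parseMethodData(threeDSMethodData) {
  // 1024 is an arbitrary cap chosen for this example
  if (typeof threeDSMethodData !== 'string' || threeDSMethodData.length > 1024) {
    return null;
  }
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(threeDSMethodData, 'base64').toString('utf8'));
  } catch (err) {
    return null; // not JSON after decoding
  }
  const id = parsed && parsed.threeDSServerTransID;
  return typeof id === 'string' && UUID_RE.test(id) ? id : null;
}

// Serialize a value as a JS literal that cannot terminate the <script> element.
function toScriptLiteral(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c');
}

// Build the iframe response body. parentOrigin is server-side configuration,
// never a request parameter. Returns null for input that should get a 400.
function renderMethodNotification(threeDSMethodData, parentOrigin) {
  const id = parseMethodData(threeDSMethodData);
  if (id === null) return null;
  const message = { event: 'methodNotification', data: { threeDSServerTransID: id } };
  return [
    '<script>',
    '  if (window.parent !== window) {',
    '    window.parent.postMessage(' + toScriptLiteral(message) + ', ' +
      toScriptLiteral(parentOrigin) + ');',
    '  }',
    '</script>',
  ].join('\n');
}

console.log(renderMethodNotification(SAMPLE, 'https://shop.example'));
```
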